At present there are removable security modules such as smartcards containing an initial credit. These security modules, called pre-payment cards, are used in particular in association with decoders in the field of the Pay-TV or conditional access TV. In this context, they allow encrypted contents to be decrypted.
As it is well known, in such systems that use a security module, the content is encrypted by means of control words and is then sent to multimedia units connected to a data or content supplier. The controls words are sent to multimedia units in an encrypted form in control messages ECM. These control messages ECM are transmitted by the decoder of the multimedia unit to the security module of this unit. If the decryption rights are present, the control messages are decrypted in order to extract the control words. Said control words are returned to the decoder that uses them to decrypt the content.
In practice, the security modules do not initially contain any rights. These rights are transmitted during an initialization step that is generally carried out by a technician during the installation of the multimedia unit. This means that this module does not operate at the time of purchase of a prepaid security module. This represents a drawback for the user who, despite having made the purchase, cannot immediately access the service for which he has paid.
In order to avoid this drawback, it is possible to send authorization messages EMM for the activation of the security modules using short temporal intervals, the user should wait until his module has received such a message. However, this presents the drawback of the use of a large bandwidth that is not always available and that is expensive for the data supplier.
It is of course possible to introduce decryption rights during the personalization of the security module, namely at the end of the manufacturing process before this module is put on sale. The effect of this would be to render the card immediately functional when it is introduced into the decoder. However, this process is practically never implemented in reality. In fact, in the event of the theft of the security modules for example, it would be necessary to send authorization messages EMM containing on one hand an identifier of the stolen modules and on the other hand a deactivation command, in order to render these stolen modules inoperative. The processing of such authorization messages EMM can be blocked relatively easily. It would thus be difficult or even impossible to deactivate the stolen modules.
Therefore, an incompatibility arises between the immediate functioning of the security module as soon as it is introduced into a decoder and the capacity to deactivate a stolen security module or to deactivate it for other reasons.
The Japanese abstract JP 2004186714 describes a decoder/security module assembly that works in the following way: an authorization message EMM containing a number of authorized control messages ECM is sent to the decoder. This number of messages is stored in the security module. This security module includes a counting function that decreases one counter value every time a control message ECM is decrypted.
This embodiment presents several drawbacks. Firstly, the counter receives a number of control messages that are authorized to be decrypted in an authorization message. Therefore, when the security module is introduced into a decoder it is necessary to wait for the reception and processing of an authorization message EMM before the decoder will be functional. This invention does not thus allow the production of a security module that works from the moment it is introduced into a decoder.
Then, when the value of the counter has been introduced into the security module, it is only possible to deactivate the decoder by sending an authorization message EMM that terminates the rights. However, as it is well known, it is relatively easy to filter and eliminate these messages before the rights have been terminated. Therefore, a security module will only be deactivated when the number of control messages that it is authorized to decrypt has been reached, this termination being automatic. This invention does not allow the production of a security module that can be very quickly deactivated at will.
This invention proposes to produce a security module that will be immediately operational when it is introduced into any suitable decoder, without previous registration at a management centre. It also proposes to give an operator the possibility of deactivating one or more security modules, in particular in the case of module theft or in the case of certain modules being used in an unauthorized way.